Late last week, the wires were buzzing over news that the official site of PHP-Nuke "Professional Content Management System" was serving malware (see 1, 2). I am frankly amazed to see the site still infected 4 days later.

Here at SophosLabs we see hacked sites everyday and the majority are running PHP-driven applications such as Content Management Systems (CMS). The PHP-Nuke site is currently running PHP v. 5.2.9.